Caro Alfonso, avrei bisogno del tuo aiuto
Mentre navigo continua ad aprirsi una pagina dal titolo "search for" seguita dall'apertura di altre finestre che dicono che il computer è infettato e cose simili.
Sono andato in modalità provvisoria, ho pulito con spybot ed adaware, ho lanciato l'antivirus, ho eliminato le chiavi che mi sembravano pericolose da Hijacks ma il problema continua (e se rilancio Hijacks ci sono dinuovo).
Provo a postarti il log se mi puoi dare una mano (anche perché a volte queste pagine si aprono e non mi laciano entrare nei siti)
Ciao e grazie
Marco
Logfile of HijackThis v1.99.1
Scan saved at 20.39.14, on 19/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\PSIMSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\NOSPY.ORG\START1.EXE
C:\PROGRAMMI\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPRIVACYKEEPER.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_199\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
www.msn.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.itR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
www.google.itR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - (no file)
O2 - BHO: (no name) - {3D0BD921-8125-11D9-B514-0002A0FBDFEE} - C:\WINDOWS\SYSTEM\DNBC.DLL
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [yszceb] c:\windows\system\yszceb.exe
O4 - HKLM\..\Run: [WINGT.EXE] C:\WINDOWS\WINGT.EXE
O4 - HKLM\..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PavProc] "C:\Programmi\File comuni\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Programmi\Panda Software\Panda Titanium Antivirus 2004\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\PROGRAMMI\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPRIVACYKEEPER.EXE" -stcleanup
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 213.159.117.150
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO18 - Filter: text/html - {3FEB6A61-828E-11D9-B514-000262900EC7} - C:\WINDOWS\SYSTEM\DNBC.DLL
O18 - Filter: text/plain - {3FEB6A61-828E-11D9-B514-000262900EC7} - C:\WINDOWS\SYSTEM\DNBC.DLL
O21 - SSODL: WVVQEkZswbF - {345917E1-9EF3-BD4B-CA1B-589263C28EC2} - C:\WINDOWS\SYSTEM\SMB.DLL